Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211407.roa
File:                     AS211407.roa (raw, json)
Hash identifier:          Kf6yyGyW0bD3cn9j+56eBDRO/fpA9osDJ0eexUzrp3o=
Subject key identifier:   7B:F8:DB:02:AF:6D:32:7F:ED:BB:42:FB:FB:A4:5C:E7:5B:6D:37:14
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6C026F92F5BE4579057803CB0E2DEE9E4055E53A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211407.roa
Signing time:             Thu 25 Apr 2024 02:14:20 +0000
ROA not before:           Thu 25 Apr 2024 02:09:20 +0000
ROA not after:            Thu 24 Apr 2025 02:14:20 +0000
asID:                     211407
IP address blocks:        191.101.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:39:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:02:6f:92:f5:be:45:79:05:78:03:cb:0e:2d:ee:9e:40:55:e5:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 25 02:09:20 2024 GMT
            Not After : Apr 24 02:14:20 2025 GMT
        Subject: CN=7BF8DB02AF6D327FEDBB42FBFBA45CE75B6D3714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:40:62:09:df:19:be:7e:4a:05:7a:89:b0:94:
                    da:66:a3:c9:8c:b6:7f:5a:da:c2:d3:48:1b:5a:e9:
                    57:b9:a4:57:63:33:bf:d4:bf:78:45:45:6b:f4:3e:
                    3f:49:14:14:ec:39:0a:14:ab:70:de:6f:40:bb:ac:
                    0d:0d:a7:ad:b4:14:64:2b:7c:41:61:ea:bd:6a:22:
                    b1:2d:c4:2f:19:73:ca:91:16:d2:71:bb:11:24:b6:
                    19:ae:1f:fd:89:35:f8:85:1a:82:b5:fe:2f:70:19:
                    0d:b6:af:55:5b:17:79:78:7a:58:5f:dc:8c:ae:97:
                    19:2a:d5:3b:ed:27:e0:5d:80:9f:82:5c:53:82:cb:
                    10:c5:43:4f:06:fe:0d:d2:fd:fd:e8:52:90:a6:89:
                    ee:c7:d4:7b:8e:ee:a3:2c:c1:94:15:7d:4c:ab:5b:
                    56:65:3e:e3:59:9a:01:92:d3:e8:90:d8:95:5b:c8:
                    f2:8f:b0:ea:f5:b5:39:96:c8:b6:e7:88:57:ef:a0:
                    ce:e9:89:a7:28:8b:46:48:d7:ce:1c:7a:ce:25:03:
                    1e:e2:67:f7:da:9a:39:4e:6e:ff:e5:ba:66:98:c0:
                    c3:f9:b1:ff:82:29:ea:3e:79:e7:b2:2f:6e:3d:99:
                    7c:09:5f:7a:34:e1:38:df:c3:aa:86:37:8b:3f:04:
                    56:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:F8:DB:02:AF:6D:32:7F:ED:BB:42:FB:FB:A4:5C:E7:5B:6D:37:14
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:4f:c6:c9:d1:64:f8:30:a5:e9:75:bb:6e:1a:b3:59:d9:6e:
         a1:ac:bd:86:17:7a:80:22:d0:c7:6a:77:9e:0b:57:9c:ee:b1:
         89:a4:56:89:ed:7e:7b:db:82:e1:35:a3:a4:a1:ef:71:59:8e:
         ff:29:63:c8:37:4d:35:57:6b:39:6a:61:0d:4e:54:6e:3e:de:
         ac:a6:ef:64:8f:c6:c2:8e:81:41:b1:41:cb:aa:07:66:9a:ff:
         ce:57:d1:19:0f:ec:99:d0:41:16:e3:4f:a0:48:11:ea:f9:e3:
         2d:e1:99:0f:03:5a:9e:d4:55:b8:47:0b:73:1a:d1:ff:bf:5e:
         fc:da:18:42:fd:e4:b3:f6:76:3a:b2:0e:84:6c:4e:01:e5:43:
         70:9d:f9:cd:99:52:e2:d2:e4:5d:24:6e:03:da:c9:21:7c:ef:
         dc:36:03:30:76:ff:40:48:e7:c6:d7:94:15:09:37:33:0d:79:
         5c:4f:00:9f:3b:93:7f:df:0c:ce:80:4e:f3:47:ed:59:48:78:
         82:9e:43:83:81:fc:5f:cd:aa:df:df:80:63:e2:3c:d9:bf:31:
         2e:76:c4:56:2f:c9:ad:1a:2d:c0:5a:c8:80:82:a7:82:0b:22:
         10:7f:cb:32:cc:1d:0a:a8:e6:f7:64:dd:f7:2d:5e:1c:22:2d:
         7c:50:36:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbAJvkvW+RXkFeAPLDi3unkBV5TowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA0MjUwMjA5MjBaFw0yNTA0MjQwMjE0MjBaMDMxMTAvBgNV
BAMTKDdCRjhEQjAyQUY2RDMyN0ZFREJCNDJGQkZCQTQ1Q0U3NUI2RDM3MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsQGIJ3xm+fkoFeomwlNpmo8mM
tn9a2sLTSBta6Ve5pFdjM7/Uv3hFRWv0Pj9JFBTsOQoUq3Deb0C7rA0Np620FGQr
fEFh6r1qIrEtxC8Zc8qRFtJxuxEkthmuH/2JNfiFGoK1/i9wGQ22r1VbF3l4elhf
3Iyulxkq1TvtJ+BdgJ+CXFOCyxDFQ08G/g3S/f3oUpCmie7H1HuO7qMswZQVfUyr
W1ZlPuNZmgGS0+iQ2JVbyPKPsOr1tTmWyLbniFfvoM7piacoi0ZI184ces4lAx7i
Z/famjlObv/lumaYwMP5sf+CKeo+eeeyL249mXwJX3o04Tjfw6qGN4s/BFYxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUe/jbAq9tMn/tu0L7+6Rc51ttNxQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2W+
MA0GCSqGSIb3DQEBCwUAA4IBAQCRT8bJ0WT4MKXpdbtuGrNZ2W6hrL2GF3qAItDH
aneeC1ec7rGJpFaJ7X5724LhNaOkoe9xWY7/KWPIN001V2s5amENTlRuPt6spu9k
j8bCjoFBsUHLqgdmmv/OV9EZD+yZ0EEW40+gSBHq+eMt4ZkPA1qe1FW4RwtzGtH/
v1782hhC/eSz9nY6sg6EbE4B5UNwnfnNmVLi0uRdJG4D2skhfO/cNgMwdv9ASOfG
15QVCTczDXlcTwCfO5N/3wzOgE7zR+1ZSHiCnkODgfxfzarf34Bj4jzZvzEudsRW
L8mtGi3AWsiAgqeCCyIQf8syzB0KqOb3ZN33LV4cIi18UDbt
-----END CERTIFICATE-----